Ensure edge function is invoked only with valid service-role key
I've got a function that's going to only be invoked by a database webhook and want to ensure that only the service-role key can invoke it. I've copied the service-role key into an Authorization header in the database webhook and everything is working fine on that front. My question is, is there a way to ensure an edge function can only be invoked by a service-role key? This seems like something that should happen at the Kong (API gateway) level and not in the edge function itself. I'm sure I can parse the token and check the role in javascript/the edge function, just wanted to make sure I'm not missing some setting somewhere to do it at the API gateway.
